Stars
A community-driven list of custom Escape rules. Test your API security with rules that automatically adapt for you.
Up-to-date simple useragent faker with real world database
Nginx module that calculates fingerprints from the JA4 suite
Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150 Tests, Add custom tests, Sensitive data exposure
APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and flexible input/output options. Ideal for API security testing.
Serves as a reverse proxy to protect your web services from attacks and exploits.
Automated Security Testing For REST APIs
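A comprehensive security assessment tool that supports scanning for common web security issues and custom PoCs | Be sure to read the documentation before use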
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving to…
Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
Offensive Web Testing Framework (OWTF) is a framework that tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
WebGoat is a deliberately insecure application
A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.
A global resource download orchestration system, build your home download center.
Open, Multi-Cloud, Multi-Cluster Kubernetes Orchestration